File upload vulnerabilities & mitigation
Download as PPTX, PDF6 likes1,791 views
This document discusses file upload vulnerabilities, exploitation, and mitigation. It provides 6 cases of how file uploads can be exploited such as through simple uploads without validation or altering content types. Tools mentioned for exploitation include BurpSuite and proxies. The document recommends mitigation techniques like using .htaccess files outside the upload directory, storing uploads outside the server root, not relying on client-side validation, and renaming files with random names. It concludes with offering a proof of concept demonstration.
![Cases of File Upload Security
Case 1: Simple File upload form with no validation
Exploit: Simply upload shell (without any modification) in
server language format (asp, jsp, php, py)
Case 2: Mime Type Validation
Idea: This checks the content type. $_FILES[‘uploaded’][‘type’]
Exploit: Use of web proxies such as Burpsuite to intercept
and alter content type.
Case 3: Black listing extension types
Not good for hosted environment (running several scripting
languages)
Exploit: Impossible to predict all possible random
extensions (shell.php.345)
4](https://image.slidesharecdn.com/fileuploadvulnerabilitiesslideshare-140228112508-phpapp01/85/File-upload-vulnerabilities-mitigation-4-320.jpg)
File upload vulnerabilities & mitigation
- 1. File Upload Vulnerabilities Exploitation and Mitigation Chinedu Onwukike - Cyber Risk Consultant
- 2. The need for File Upload Indispensable way of file sharing Dropbox, 4shared.com etc Added functionality Increases business efficiency, enhances interaction between end users and corporate employees Social Networking Facebook, Twitter, MySpace, Instagram et al 2
- 3. The Threat Opens another door for attackers Lack of expertise in securing upload forms 3
- 4. Cases of File Upload Security Case 1: Simple File upload form with no validation Exploit: Simply upload shell (without any modification) in server language format (asp, jsp, php, py) Case 2: Mime Type Validation Idea: This checks the content type. $_FILES[‘uploaded’][‘type’] Exploit: Use of web proxies such as Burpsuite to intercept and alter content type. Case 3: Black listing extension types Not good for hosted environment (running several scripting languages) Exploit: Impossible to predict all possible random extensions (shell.php.345) 4
- 5. Cases of File Upload Security Case 4: Check the image header Idea: Using getimagesize() to determine if it is an actual image Exploit: Bypassed with Image editing tools Case 5: Protection with .htaccess Idea: To restrict the execution of script files in this folder Exploit: Use of web proxies such as Burpsuite to intercept and alter content type. Case 6: Client Side validation Idea: Better performance and client side checks Exploit: Can be easily bypassed with web application proxies 5
- 6. Tools BurpSuite Apache Server running PHP in Linux OS. Any Web browser Fairly secure server side PHP upload script. 6
- 7. Mitigation • .htaccess file should not be in the same directory as uploaded files. Can be in parent. • Upload files in a directory outside the server root • Avoid absolute reliance on client-side validation • Create a copy of the file with random name and add corresponding extension 7
- 9. Questions